Re: [Minios-devel] [UNIKRAFT PATCH v3 1/3] lib/uksp: Introduce uksp library
On 04.12.19 16:14, Vlad-Andrei BĂDOIU (78692) wrote: From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx> This library provides the necessary functionalities for the stack protector. A make clean is required when toggling the stack smashing protection option. Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx> --- lib/Makefile.uk | 1 + lib/uksp/Config.uk | 4 ++ lib/uksp/Makefile.uk | 5 +++ lib/uksp/exportsyms.uk | 2 + lib/uksp/include/uksp/stackprotector.h | 56 ++++++++++++++++++++++++++ lib/uksp/ssp.c | 43 ++++++++++++++++++++ 6 files changed, 111 insertions(+) create mode 100644 lib/uksp/Config.uk create mode 100644 lib/uksp/Makefile.uk create mode 100644 lib/uksp/exportsyms.uk create mode 100644 lib/uksp/include/uksp/stackprotector.h create mode 100644 lib/uksp/ssp.c diff --git a/lib/Makefile.uk b/lib/Makefile.uk index 4b9568a1..735d0eda 100644 --- a/lib/Makefile.uk +++ b/lib/Makefile.uk @@ -34,3 +34,4 @@ $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uktime)) $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukmmap)) $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukblkdev)) $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/posix-process)) +$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uksp)) diff --git a/lib/uksp/Config.uk b/lib/uksp/Config.uk new file mode 100644 index 00000000..497381a3 --- /dev/null +++ b/lib/uksp/Config.uk @@ -0,0 +1,4 @@ +config LIBUKSP + bool "uksp : stack protector" In order to make the library title inline with the others, please remove the space before the colon and start with a capital letter after the colon. For instance: "uksp: Stack protection" + select LIBUKSWRAND + default n diff --git a/lib/uksp/Makefile.uk b/lib/uksp/Makefile.uk new file mode 100644 index 00000000..6c391c9d --- /dev/null +++ b/lib/uksp/Makefile.uk @@ -0,0 +1,5 @@ +$(eval $(call addlib_s,libuksp,$(CONFIG_LIBUKSP))) + +CINCLUDES-y += -I$(LIBUKSP_BASE)/include + +LIBUKSP_SRCS-y += $(LIBUKSP_BASE)/ssp.c 
diff --git a/lib/uksp/exportsyms.uk b/lib/uksp/exportsyms.uk new file mode 100644 index 00000000..fbc319e7 --- /dev/null +++ b/lib/uksp/exportsyms.uk @@ -0,0 +1,2 @@ +__stack_chk_fail +__stack_chk_guard diff --git a/lib/uksp/include/uksp/stackprotector.h b/lib/uksp/include/uksp/stackprotector.h Hum, do you really want to put the headers under <uksp/stackprotector.h>? I would do it inline with our other Unikraft libraries and add it within the `uk` name space: <uk/sp.h>... But overall, I even think that we do not need a header for this library. I would declare the init function as uk_ctor function - no need to call it directly from lib/ukboot. new file mode 100644 index 00000000..2410b21b --- /dev/null +++ b/lib/uksp/include/uksp/stackprotector.h 
@@ -0,0 +1,56 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * Authors: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx> + * + * Copyright (c) 2019, University Politehnica of Bucharest. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY. 
+ */ + +#ifndef __UK_STACKPROTECTOR_H__ +#define __UK_STACKPROTECTOR_H__ + +#include <uk/swrand.h> +#include <uk/config.h> + +#ifdef __cplusplus +extern "C" { +#endif + +extern unsigned long __stack_chk_guard; + +static __attribute__((always_inline)) void boot_init_stack_canary(void) +{ + __stack_chk_guard = uk_swrand_randr(); +} I would put the init function into ssp.c and declare it as system constructor: UK_CTOR_FUNC(UK_SWRAND_CTOR_PRIO + 1, init_stack_canary);You would call it directly after libukswrandr was initialized. In order to get the priority value, we maybe want to move `UK_SWRAND_CTOR_PRIO` definition to the <uk/swrand.h> header. + +#ifdef __cplusplus +} +#endif + +#endif /* __UK_STACKPROTECTOR_H__ */ diff --git a/lib/uksp/ssp.c b/lib/uksp/ssp.c new file mode 100644 index 00000000..79fd0e55 --- /dev/null +++ b/lib/uksp/ssp.c 
@@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * Authors: Badoiu Vlad-Andrei <vlad_andrei.badoiu@xxxxxxxxxxxxxxx> + * + * Copyright (c) 2019, University Politehnica of Bucharest. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY. 
+ */ + +#include <uk/assert.h> + +unsigned long __stack_chk_guard; + +__attribute__((noreturn)) +void __stack_chk_fail(void) +{ + UK_CRASH("Stack smashing detected\n"); Maybe we want to add the current stack pointer to the message in order to simplify debugging. There should be a platform API function that you can use to retrieve the sp. +}
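Review bot: In lib/uksp/Config.uk, `config LIBUKSP` has no `help` text, so nothing in the menu explains that the library only provides `__stack_chk_guard` and `__stack_chk_fail` and pulls in LIBUKSWRAND through `select`. Please add a short help paragraph that says so; `default n` can also be dropped, since a `bool` symbol without a default is already off.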
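Review bot: In lib/uksp/include/uksp/stackprotector.h, boot_init_stack_canary() rewrites `__stack_chk_guard` inside whatever function it is inlined into, so a caller that is itself built with the stack protector has stored the old guard in its prologue and will compare against the new one in its epilogue, ending in `__stack_chk_fail` with no overflow having happened. Please document above the function that the caller must never return or must be built without instrumentation, and keep the same constraint if the assignment moves into a constructor in ssp.c. Two smaller points in the same hunk: `static __attribute__((always_inline)) void` should also carry the `inline` keyword, and `<uk/config.h>` is included although no CONFIG_ symbol is used in the header. It is also worth checking the width of the value returned by uk_swrand_randr() against `unsigned long`, so that the whole guard word is randomised on 64-bit targets.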
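Review bot: In lib/uksp/ssp.c, `unsigned long __stack_chk_guard;` has no initializer, so every instrumented function that runs before boot_init_stack_canary() is checked against a guard of 0, a value known in advance. Either give the variable a non-zero static default or add a comment stating how early in boot the init must run. `__stack_chk_fail()` is declared `noreturn` but its body is only `UK_CRASH("Stack smashing detected\n");`, so the attribute holds only if UK_CRASH() never returns; a one-line comment saying so would help, as would keeping this path minimal, since it executes on a stack already known to be corrupted. Nit: the Authors line here reads "Badoiu Vlad-Andrei" while the header has "Vlad-Andrei Badoiu".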